Hacker Uses Phishing Attack To Steal $1.7 Million In NFTs From OpenSea

Be mindful of phishing attacks.

Tweet
Share
WhatsApp
hackers steal $1.7 million in nfts from opensea
Source: OpenSea

A hacker stole NFTs worth more than $1.7 million from OpenSea users using a phishing attack. The attacker stole 254 NFTs, including Decentraland and Bored Ape Yacht Club tokens.

The attacker tricked the targets into signing a partial contract which gave the attacker complete control. For the targets, this was basically like signing a blank check.

The attacker tricked 32 victims into signing a malicious payload through a phishing attack. The payload then authorized the transfer of ownership of the NFTs to the attacker for free.

OpenSea Security

For context, OpenSea is one of the largest NFT marketplaces on the internet. The hackers exploited a vulnerability in the platform’s new Wyvern smart contract system. The system is used in many NFT smart contracts.

Since the NFT boom, OpenSea has become one of the most valued platforms in this industry. It provides a simple marketplace for users to list, browse, and bid on NFTs. However, this sudden success has come with some security risks.

The company has faced numerous vulnerabilities that let hackers steal from its users. The phishing attack occurred when OpenSea was migrating to the new Wyvern system. CEO Devin Finzer explained the phishing attack on a Twitter thread.

“32 users had NFTs stolen over a relatively short time period. This is extremely unfortunate, but suggests a targeted attack as opposed to a systemic issue”.

Nadav Hollander, OpenSea CTO
Nalin Rawat

Nalin Rawat

Nalin is a big fan of movies, comics, games, and awesome new gadgets. He has been writing about technology and gaming since college. In his free time, he plays FPS games and explores virtual reality. Reach out to him at @NalinRawat
More From Fossbytes

Latest On Fossbytes

Find your dream job